package com.forlgb.powercloud.base.client.source.config;

import org.springframework.boot.autoconfigure.AutoConfigureBefore;
import org.springframework.boot.autoconfigure.web.servlet.WebMvcAutoConfiguration;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;

/**
 * 资源服务器的配置，这个类表明了此应用是OAuth2 的资源服务器（访问资源都需要认证），此处主要指定了受资源服务器保护的资源链接
 */
@Configuration
@EnableResourceServer
@ComponentScan({"com.forlgb.powercloud.base.client.source"})
@AutoConfigureBefore(WebMvcAutoConfiguration.class)
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
                .authorizeRequests()//限定签名成功的请求
                .anyRequest().authenticated()
                // 免验证请求
                .antMatchers("/oauth/**","/user/**").permitAll();
    }
}
